Search form

Biometrics

Biometrics

Biometrics systems are designed to identify or verify the identity of people by using their intrinsic physical or behavioral characteristics. Biometric identifiers include fingerprints; iris, face and palm prints; gait; voice; and DNA, among others.

The government insists that biometrics databases can be used effectively for border security, to verify employment, to identify criminals, and to combat terrorism. Private companies argue biometrics can enhance our lives by helping us to identify our friends more easily and by allowing us access to places, products, and services more quickly and accurately. But the privacy risks that accompany biometrics databases are extreme.

Biometrics’ biggest risk to privacy comes from the government’s ability to use it for surveillance. As face recognition technologies become more effective and cameras are capable of recording greater and greater detail, surreptitious identification and tracking could become the norm.

The problems are multiplied when biometrics databases are “multimodal,” allowing the collection and storage of several different biometrics in one database and combining them with traditional data points like name, address, social security number, gender, race, and date of birth. Further, geolocation tracking technologies built on top of large biometrics collections could enable constant surveillance. And if the government gets its way, all of this data could be obtained without a warrant and without notice or warning.

Large standardized collections of biometrics also increase the risk of data compromise from which it could be almost impossible to recover. In the near future, biometrics could stand in for your driver license or social security number, and you could be asked for a thumbprint or an iris scan just to rent an apartment or see a doctor. This could lead to many vulnerable copies of that linked data that could wind up in the hands of identity thieves. And any data compromises would be catastrophic; unlike a credit card or even a social security number, your biometric data can’t be revoked or re-issued.

EFF is monitoring the development and implementation of these technologies, both in the law enforcement and commercial contexts. We are fighting to build privacy protections into systems at the front end so that we don’t have to face privacy threats on the back end.

In India, a massive effort is underway to collect biometric identity information for each of the country’s 1.2 billion people. The incredible plan, dubbed the “mother of all e-governance projects” by the Economic Times, has stirred controversy in India and beyond, raising serious concerns about the privacy and security of...

Over the last few years, we've beenbattlinglaws that require a person arrested to give a DNA sample as part of the routine booking process. The law makes this DNA collection automatic and mandatory; law enforcement do not need a reason to collect the DNA and...

On Tuesday March 6, the French National Assembly (Assemblée Nationale) passed a law proposing the creation of a new biometric ID card for French citizens with the justification of combating “identity fraud”. More than 45 million individuals in France will have their fingerprints and digitized faces stored in what would...